In a certain number of applications, in particular in the field of the Pay-TV, data forming a content is sent in the form of data packets. These packets can in particular have a fixed predefined length. They are generally broadcast in encrypted form to a set of receivers such as decoders.
In parallel to the data packets, decryption information is also broadcast or transmitted in another way. This information contains, in particular, the decryption keys or data allowing the necessary keys to be determined. In order to guarantee a certain level of security in conditional access data systems, it is imperative that the keys are changed after a certain usage or validity time. In practice, in the particular case of Pay-TV, a key could be used to access a television content for a few seconds, or even a few minutes. One of the constraints related to the key change is the need to associate the correct decryption key to each data packet, without which this data is not accessible. However, It is practically impossible to synchronise the data with the decryption information, in particular due to the internal working of the systems. Furthermore, in certain applications, the keys can be transmitted in the form of a key file completely independently of the content.
For these reasons, it is necessary to dispose of a mechanism that allows the association of each data packet to the corresponding decryption key, without being able to synchronise these two elements.
The document EP 1 215 905 describes such an application in which the keys are sent in the form of files independent of the content. In the process described in this document, the keys are sent in the form of a list. Parallel to this, a table is sent, this table containing for each key, the number of packets that have been encrypted with this key. The receiver includes a packet counter. When a packet is received, its content is decrypted with the first key of the key list. The number of packets encrypted with this key is searched for in the table. All the following packets received by the receiver are decrypted by the same key until the total number of packets encrypted with this key is reached. Then, the following key is used and the process continues in the same way.
According to another embodiment, in order to determine the key to be used for a given packet, an information contained in said packet is used, in particular a temporary piece of information contained in the header. The correspondence between the temporary information and the key to be used is stored in a table as mentioned previously.
In this method, the content of a packet is not modified. In addition to sending conventional information, a table allows the decryption key to be found which must be used in correspondence with each packet.
According to a known embodiment, the data packets generally contain a marker having a known value that allows the receiver/decoder to locate the start of a packet and process this packet accordingly.
According to the standards used to format these packets, the length of a packet is fixed and it is not possible to add supplementary data to that already existing. In particular, this means that when the encryption key of a packet is modified, provision is not made to indicate this key change in the packet, for example by means of key change information. It should be noted that the key change is not synchronised with the packets, so that a key can generally be used for encrypting and decrypting several packets.
In the existing systems, on reception of a packet, this is decrypted with the current key. Then it is verified if the result of the decryption is usable, that is to say if it contains the marker. If this is not the case, the same packet is decrypted with the following key. If the result of this decryption is usable and thus contains the marker, the new key is used for the decryption. If the result of this decryption does not contain the marker, an error message is generated.
This embodiment presents an important drawback. In fact, it happens that the decryption of a packet with the current key gives a result unmistakably containing the marker, even though this packet has been encrypted with a key other than the current key. This result given at random is produced according to a significant frequency and prevents a user from accessing the content even if he has the rights.
This invention proposes to avoid this drawback by carrying out a method in which the key change is indicated, so that the packets will be decrypted with the key with which they have been encrypted, without any possible confusion between the two keys. Therefore, access to the content is always assured.